Amazon EC2 Systems Manager Hybrid Cloud Management at Scale
Julien Simon Principal Technical Evangelist, AWS
[email protected] @julsimon
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What to Expect from the Session
• Overview of Systems Manager and its capabilities
• Learn how to configure and manage your cloud and hybrid IT environments at scale
• Demo
Cloud is the new normal – enterprises of all sizes are moving to the cloud to take advantage of increased agility, lower costs, and a global reach
Many enterprises often bring their traditional on-premises toolset to manage their cloud and hybrid environments
What customers have told us:
• Managing cloud and hybrid environments using a traditional toolset is complex and costly
• Traditional IT toolsets are not designed and built for cloud scale
• Maintaining broader enterprise-wide visibility is challenging
• Deploying and maintaining multiple products is a significant operational overhead
• Licensing costs and complexity
Introducing EC2 Systems Manager A set of capabilities that enable automated configuration and ongoing management of systems at scale, across all of your Windows and Linux workloads, running in Amazon EC2 or on-premises
Why should I care?
Hybrid
Cross-platform
Scalable
Secure
Easy-to-write automation
Reduced TCO
Systems Manager capabilities
• Deploy, Configure, and Administer: Run Command, State Manager, Automation
• Shared Capabilities: Parameter Store, Maintenance Window
• Track and Update: Inventory, Patch Manager
Run Command
Perform common administrative tasks remotely at scale
• Example: running shell and PowerShell scripts
• Easily define new tasks using simple JSON-based Documents; no specialized skillset required
• Leverage Documents built by AWS and the broader community
• Delegate access, perform audit, receive notifications
• Helps improve security posture by eliminating the need to SSH or RDP
https://aws.amazon.com/ec2/run-command/
State Manager
Define and maintain a consistent configuration of OS and applications
• Example: configuring the firewall and updating anti-malware definitions
• Define new policies using simple JSON-based Documents
• Control how and when a configuration is applied and maintained
• Helps enforce enterprise-wide compliance of configuration policies
Automation Service
Automate common tasks using simplified workflows
• Optimized for building and maintaining Amazon Machine Images (AMIs)
• Start with an AMI → perform automation steps like OS patching and driver updates → produce a new AMI
• Express your workflow as automation steps in a JSON-based Document
• Support for Run Command, Lambda functions
• Eliminates the overhead in managing ‘golden’ enterprise images
Documents
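Both the Run Command slide and the Automation Service slide rest on the same artifact, a JSON Document with parameters and mainSteps. The block below is an added example (not code from this deck or from AWS): it builds a Run Command document (schemaVersion 2.2) and the golden-AMI Automation document (schemaVersion 0.3) described above, then checks the fields a document needs before it would be handed to CreateDocument. It adds one check a security reviewer would want: a String parameter that is spliced into an aws:runShellScript or aws:runPowerShellScript step must declare an allowedPattern, because Run Command substitutes {{ Name }} into the script text verbatim. The step names, parameter names and the unit being restarted are my own choices; the action names and field layout follow the published document schema.

```python
"""Build and sanity-check Systems Manager Documents before registering them.

Added example, not code from the deck or from AWS. Step names, parameter
names and the sample service are constructed.
"""
import json
import re

COMMAND_ACTIONS = {"aws:runShellScript", "aws:runPowerShellScript", "aws:runDocument"}
AUTOMATION_ACTIONS = {"aws:runInstances", "aws:runCommand", "aws:createImage",
                      "aws:terminateInstances", "aws:invokeLambdaFunction"}
SCRIPT_ACTIONS = {"aws:runShellScript", "aws:runPowerShellScript"}
PARAM_REF = re.compile(r"{{\s*(\w+)\s*}}")  # plain {{ Param }} references only


def build_command_document(restrict_parameter=True):
    """Run Command document that restarts one systemd unit by name (constructed)."""
    service = {"type": "String", "description": "Unit name to restart"}
    if restrict_parameter:
        # Reject quotes, ';', '$', '`' and whitespace so the value cannot break
        # out of the quoted argument in the shell lines below.
        service["allowedPattern"] = "^[A-Za-z0-9_.@-]+$"
    return {
        "schemaVersion": "2.2",
        "description": "Restart a systemd service (example document)",
        "parameters": {"ServiceName": service},
        "mainSteps": [{
            "action": "aws:runShellScript",
            "name": "restartService",
            "inputs": {
                "timeoutSeconds": "60",
                "runCommand": ["systemctl restart '{{ ServiceName }}'",
                               "systemctl is-active '{{ ServiceName }}'"],
            },
        }],
    }


def build_automation_document():
    """The golden-AMI workflow from the deck: launch, patch, image, terminate (constructed)."""
    return {
        "schemaVersion": "0.3",
        "description": "Patch a source AMI and publish the result (example document)",
        "assumeRole": "{{ AutomationAssumeRole }}",
        "parameters": {
            "SourceAmiId": {"type": "String"},
            "AutomationAssumeRole": {"type": "String"},
            "InstanceProfileName": {"type": "String", "default": "ManagedInstanceProfile"},
        },
        "mainSteps": [
            {"name": "launchInstance", "action": "aws:runInstances",
             "inputs": {"ImageId": "{{ SourceAmiId }}", "InstanceType": "t2.micro",
                        "MinInstanceCount": 1, "MaxInstanceCount": 1,
                        "IamInstanceProfileName": "{{ InstanceProfileName }}"}},
            {"name": "patchInstance", "action": "aws:runCommand",
             "inputs": {"DocumentName": "AWS-RunPatchBaseline",
                        "InstanceIds": ["{{ launchInstance.InstanceIds }}"],
                        "Parameters": {"Operation": "Install"}}},
            {"name": "createImage", "action": "aws:createImage",
             "inputs": {"InstanceId": "{{ launchInstance.InstanceIds }}",
                        "ImageName": "patched-{{ global:DATE_TIME }}"}},
            {"name": "terminateInstance", "action": "aws:terminateInstances",
             "inputs": {"InstanceIds": ["{{ launchInstance.InstanceIds }}"]}},
        ],
    }


def validate_document(doc):
    """Return a list of problems; an empty list means every check passed."""
    version = doc.get("schemaVersion")
    allowed = {"2.2": COMMAND_ACTIONS, "0.3": AUTOMATION_ACTIONS}.get(version)
    if allowed is None:
        return [f"unsupported schemaVersion {version!r}"]
    steps = doc.get("mainSteps")
    if not isinstance(steps, list) or not steps:
        return ["mainSteps must be a non-empty list"]
    params = doc.get("parameters", {})
    problems, seen = [], set()
    for i, step in enumerate(steps):
        name, action, inputs = step.get("name"), step.get("action"), step.get("inputs")
        if not name:
            problems.append(f"step {i}: missing name")
        elif name in seen:
            problems.append(f"step {i}: duplicate step name {name!r}")
        seen.add(name)
        if action not in allowed:
            problems.append(f"step {name!r}: action {action!r} is not valid in schema {version}")
        if not isinstance(inputs, dict):
            problems.append(f"step {name!r}: inputs must be an object")
            continue
        # Only plain {{ Param }} references are checked; step outputs such as
        # {{ launchInstance.InstanceIds }} and {{ global:DATE_TIME }} are skipped.
        for ref in sorted(set(PARAM_REF.findall(json.dumps(inputs)))):
            if ref not in params:
                problems.append(f"step {name!r}: undeclared parameter {{{{ {ref} }}}}")
            elif (action in SCRIPT_ACTIONS and params[ref].get("type") == "String"
                  and "allowedPattern" not in params[ref]):
                problems.append(f"step {name!r}: String parameter {ref!r} is interpolated "
                                "into a script without an allowedPattern")
    return problems


if __name__ == "__main__":
    for d in (build_command_document(), build_automation_document()):
        print(d["description"], "->", validate_document(d) or "OK")
    print(validate_document(build_command_document(restrict_parameter=False)))
```

The allowedPattern check is the point worth carrying into a real review pipeline: whoever is delegated ssm:SendCommand on a document can pass any parameter value the pattern admits, so the pattern, not the quoting in the script, is the trust boundary.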
Parameter Store
Centralized management of IT assets such as passwords and connection strings
• Parameters are referenceable from Run Command, State Manager, and the Automation Service
• Granular access control limits unwanted data access
• Encrypt sensitive information using your own KMS keys
• Eliminates the ongoing maintenance challenge of critical enterprise assets
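The "granular access control" bullet is only as good as the IAM policy behind it. The block below is an added example (not AWS code or the deck's): a deliberately small IAM evaluator that handles Effect, Action and Resource with IAM's `*` and `?` wildcards, the rule that an explicit Deny always wins, and implicit denial of anything unmatched, run against a constructed policy that scopes a web tier's instance role to its own parameter subtree and one KMS key. It does not model Condition keys, NotAction/NotResource, resource policies or the key policy; the account id, region, key id and parameter names are constructed.

```python
"""Check what an instance role may do with Parameter Store under a given policy.

Added example, not AWS code or the deck's. Simplified evaluator: Effect,
Action and Resource with '*'/'?' wildcards, explicit Deny wins, no Conditions.
Account, region, key id and parameter names are constructed.
"""
import re

ACCOUNT, REGION = "123456789012", "us-east-1"
KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT}:key/11111111-2222-3333-4444-555555555555"

# Policy for the web tier's instance role: read its own subtree, decrypt
# SecureString values with the team's CMK, never write or delete parameters.
WEB_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
         "Resource": f"arn:aws:ssm:{REGION}:{ACCOUNT}:parameter/prod/web/*"},
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN},
        {"Effect": "Deny", "Action": ["ssm:PutParameter", "ssm:DeleteParameter*"],
         "Resource": "*"},
    ],
}


def parameter_arn(name, region=REGION, account=ACCOUNT):
    """ARN of a parameter; a hierarchical name drops its leading '/' in the ARN."""
    return f"arn:aws:ssm:{region}:{account}:parameter/{name.lstrip('/')}"


def _wildcard_match(pattern, value, ignore_case=False):
    """IAM-style match: '*' is any run of characters, '?' is one character."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def is_allowed(policy, action, resource):
    """True only if some Allow matches and no Deny matches (actions are case-insensitive)."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_wildcard_match(a, action, ignore_case=True) for a in _as_list(stmt["Action"])):
            continue
        if not any(_wildcard_match(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny overrides any Allow, wherever it appears
        allowed = True
    return allowed


def readable_parameters(policy, names):
    """Which of the given parameter names the policy lets the role read."""
    return [n for n in names if is_allowed(policy, "ssm:GetParameter", parameter_arn(n))]


if __name__ == "__main__":
    names = ["/prod/web/db-password", "/prod/batch/db-password", "/dev/web/db-password"]
    print(readable_parameters(WEB_ROLE_POLICY, names))
```

Two practical points the evaluator makes visible: scoping by resource ARN only works if parameters are named hierarchically (a flat name like `web-db-password` cannot be grouped by prefix), and reading a SecureString encrypted with a customer-managed key needs kms:Decrypt on that specific key as well as the ssm:Get* permission.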
Maintenance Window
Schedule disruptive tasks in a well-defined window to minimize downtime
• Define one or more recurring windows of time during which it is acceptable for disruptive actions to occur
• Built-in integration with Run Command and Patch Manager
• Helps improve availability and reliability of your workloads by automatically performing tasks in a well-defined window of time
Inventory
Scalable way of collecting, querying, and auditing detailed software inventory information
• Example: instance and OS details, network configuration, list of files, installed software and patches
• Collect data from predefined inventory types or write a custom one using a JSON Document
• AWS Config integration enables tracking the history of changes
• Simplifies management scenarios, such as licensing usage tracking and identifying zero-day vulnerabilities
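The "identifying zero-day vulnerabilities" use of Inventory is a query: which managed instances carry a package older than the version that fixes the bug. The block below is an added example (not AWS or deck code). The records use the shape of the AWS:Application inventory type (Name, Version, Publisher, Architecture) keyed by managed instance id, including one on-premises `mi-` instance; the instances, versions and the "fixed in" version are constructed and are not a real advisory. Version comparison is a simple tuple comparison that is adequate for the RPM-style versions shown but is not a full rpm or dpkg comparison.

```python
"""Find instances whose inventory shows a package below the fixed version.

Added example, not AWS or deck code. Inventory snapshot, versions and the
'fixed in' version are constructed sample data.
"""
import re

# Constructed snapshot of the AWS:Application inventory type across four
# managed instances (three EC2 instances and one on-premises 'mi-' instance).
INVENTORY = {
    "i-0a1b2c3d4e5f60001": [
        {"Name": "openssl", "Version": "1.0.2k-8.el7", "Publisher": "CentOS", "Architecture": "x86_64"},
        {"Name": "bash", "Version": "4.2.46-28.el7", "Publisher": "CentOS", "Architecture": "x86_64"},
    ],
    "i-0a1b2c3d4e5f60002": [
        {"Name": "openssl", "Version": "1.0.2k-12.el7", "Publisher": "CentOS", "Architecture": "x86_64"},
        {"Name": "bash", "Version": "4.2.46-28.el7", "Publisher": "CentOS", "Architecture": "x86_64"},
    ],
    "i-0a1b2c3d4e5f60003": [
        {"Name": "openssl", "Version": "1.0.1e-60.el7_3.1", "Publisher": "CentOS", "Architecture": "x86_64"},
        {"Name": "nginx", "Version": "1.10.2-1.el7", "Publisher": "EPEL", "Architecture": "x86_64"},
    ],
    "mi-0123456789abcdef0": [
        {"Name": "openssl", "Version": "1.0.2k-12.el7", "Publisher": "CentOS", "Architecture": "x86_64"},
        {"Name": "nginx", "Version": "1.12.2-1.el7", "Publisher": "EPEL", "Architecture": "x86_64"},
    ],
}


def version_key(version):
    """Split '1.0.2k-12.el7' into comparable pieces: numbers compare numerically,
    letters lexically, and a number always sorts before a letter run at the same
    position. Good enough for the sample data; not a full rpm/dpkg comparison."""
    key = []
    for piece in re.findall(r"\d+|[A-Za-z]+", version):
        key.append((0, int(piece)) if piece.isdigit() else (1, piece))
    return tuple(key)


def find_vulnerable(inventory, package, fixed_in):
    """Map instance id -> installed version for every instance whose copy of
    `package` is older than `fixed_in`. Instances without the package are skipped."""
    fixed = version_key(fixed_in)
    hits = {}
    for instance_id, apps in inventory.items():
        for app in apps:
            if app["Name"] == package and version_key(app["Version"]) < fixed:
                hits[instance_id] = app["Version"]
    return hits


def run_command_targets(hits):
    """Sorted instance ids, ready to hand to Run Command as InstanceIds."""
    return sorted(hits)


if __name__ == "__main__":
    exposed = find_vulnerable(INVENTORY, "openssl", "1.0.2k-12.el7")
    for instance_id in run_command_targets(exposed):
        print(instance_id, exposed[instance_id])
```

Against the real service the snapshot would come from ListInventoryEntries (per instance, type AWS:Application) or from an Inventory query in the console; the point of the example is that once the data is in one place the zero-day question becomes a version comparison plus a Run Command target list.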
Patch Manager
Roll out Windows OS patches using custom-defined rules and pre-scheduled maintenance windows
• Express custom patch policies as patch baselines, e.g., apply critical patches on day 1 but wait 7 days for non-critical patches
• Perform patching during scheduled maintenance windows
• Built-in patch compliance reporting
• Eliminates manual intervention and reduces time-to-deploy for critical updates and zero-day vulnerabilities
Systems Manager availability
• No charge; you only pay for the AWS resources you manage
• Available in multiple regions
  • Americas: all 4 US regions and São Paulo
  • Europe: Ireland and Frankfurt
  • APAC: Singapore, Sydney, Tokyo, Seoul
EC2 Systems Manager Agent
• The Amazon EC2 Systems Manager Agent processes Systems Manager requests and configures your machine as specified in the request.
• EC2 instances need a role with proper IAM permissions
https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-configuring-access-policies.html
Supported OSes – Linux
• 64-bit and 32-bit systems
  • Amazon Linux 2014.03 or later
  • Ubuntu Server 12.04 LTS, 14.04 LTS, 16.04 LTS
  • Red Hat Enterprise Linux (RHEL) 6.5 or later
  • CentOS 6.3 or later
• 64-bit systems only
  • Amazon Linux 2015.03 or later
  • Red Hat Enterprise Linux (RHEL) 7.x or later
  • CentOS 7.1 or later
• You have to install the EC2 Systems Manager Agent
Supported OSes – Windows
• Windows Server 2003 through Windows Server 2016, including R2 versions
• The EC2 Systems Manager Agent is pre-installed on Amazon-provided Windows Server 2016 images
Demo
In summary …
Hybrid
Cross-platform
Scalable
Secure
Easy-to-write automation
Reduced TCO
Going further
• WIN401 – How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud with AWS Management Capabilities https://www.youtube.com/watch?v=Eal9K0aGLYI
• WIN402 – How I learned to embrace DevOps and configure infrastructure at scale https://www.youtube.com/watch?v=L5TglwWI5Yo
AWS User Groups Lille Paris Rennes Nantes Bordeaux Lyon Montpellier Toulouse Côte d’Azur (new!)
facebook.com/groups/AWSFrance/ @aws_actus
https://aws.amazon.com/fr/events/webinaires/
"Amazon Web Services France" channel on YouTube https://www.youtube.com/channel/UCDE2Dt16Asi-RiR_GNe9scA
Thank you! Julien Simon Principal Technical Evangelist, AWS
[email protected] @julsimon